By Richard Chirgwin, 27th June 2013
Opera is giving users the standard upgrade advice after a successful attack on its network allowed evil-doers to copy a software-signing certificate.

As a result, they would be able to craft malware that would authenticate as coming from Opera.

In a blog post, Opera's Sigbjørn Vik explains that the software company identified and halted the attack on June 19. Although it's confident that “there is no evidence of user data being compromised … the attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware.”

Opera believes the impact is limited to “a few thousand Windows users” who may have automatically received and subsequently installed the malware. Opera directs users to VirusTotal for an overview of which anti-virus packages will detect the malware.

In spite of the reassuring tone of the post, Sophos' Paul Ducklin notes that the attackers apparently managed to upload at least one malicious file back into Opera's servers.

Opera says it is now working to ship an update of its browser, and advises users to install it as soon as it becomes available. ®

The new Opera browser, based on Chromium, has reached a stable release. The full revision number is 15.0.1147.130 and it is the first stable release since the Norwegian developer ditched their proprietary Presto layout engine.

Users upgrading from version 12 of the application may think they’ve landed on fairly unfamiliar ground given the new design, but much of the old profile (passwords, cookies, user-defined searches, and extensions) is migrated into the new release.

Bookmarks are brought into Opera 15 via the importing tool which checks the old profile and offers the possibility to extract the links to the Speed Dial component.

However, the fresh build no longer integrates an email client; it is now a standalone application, but when installed it’ll automatically detect and import all the details from the old Opera 12 profile.

In the case of notes, though, Opera 15 saves them into an HTML file (called “Opera 12 Notes”) on the desktop. Opera Link users can still access synced information from the web interface; keep in mind that this feature has not been fully integrated in the new browser.

Additional hurdles when migrating from Opera 12 to Opera 15 involve extensions, which may not be enabled automatically and may have to be turned on manually.

Also, you have to migrate your passwords manually by running the browser with the “--presto-master-password=<master password>” command line switch.

Opera Software today released version 12.16 of its web browser, which includes a newly issued code signing certificate as a result of the recent security breach in its internal network infrastructure.

The breach occurred on June 19 and the company came out with the details last week, saying that the attack did not appear to have compromised any user data.

Instead, the attackers managed to grab “at least one old and expired Opera code signing certificate,” which was used for signing malicious code.

Opera 12.16 (which may very well be among the last revisions running on Presto) is signed with a new certificate, as is Opera Mobile Classic for Android 12.1.5.

Updating to the latest version is highly recommended as the issue affects the browser for all desktop platforms as well as some mobile ones.

The Norwegian developer did not mention any other changes for this build.